hi felix
> On creation of the token all SimpleCredentials attributes are copied to
> the token node. These attributes must be matched on subsequent requests
> with attributes from the TokenCredentials object supplied.

not quite... all attributes are stored in the node but only those
marked as required attributes (having a leading '.token') will be
used for validation upon a subsequent login.

> * Attributes are either optional or mandatory. Optional attributes
> present in the SimpleCredentials object are just stored in the
> token node but are not matched on subsequent requests. Mandatory
> attributes must exist as secondary validation mechanisms
> in subsequent requests.

see above

> * When creating the Session from the SimpleCredentials (on first
> access creating the token) only the optional attributes (plus the
> token value of course) are copied to the Session attributes. The
> mandatory attributes are not copied.

makes sense... i will add that.

> * When creating the Session from the TokenCredentials (on subsequent
> access validating the supplied token and mandatory attributes) the
> optional attributes stored in the token node are copied to the
> Session attributes while (again) the mandatory attributes are not
> copied.

same here.

> This prevents mandatory attributes from leaking into the Session
> but also allows for using the token node as a temporary store for
> informational attributes.

thanks for the review!
angela
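
The attribute handling agreed on in this thread, as an added example that is not part of the original mail and is not Jackrabbit code. It models the token node as a plain map; the class, method and attribute names are hypothetical, and the token value itself is left out.

```java
import java.util.HashMap;
import java.util.Map;

/** Model of the token attribute handling discussed above (illustrative only). */
public class TokenAttributeModel {
    // Prefix marking a mandatory attribute, as described in the thread.
    static final String MANDATORY_PREFIX = ".token";
    // Stand-in for the token node: every login attribute is stored here.
    private final Map<String, String> tokenNode = new HashMap<>();

    static boolean isMandatory(String name) {
        return name.startsWith(MANDATORY_PREFIX);
    }

    /** First login: store all attributes, expose only the optional ones. */
    Map<String, String> createToken(Map<String, String> loginAttributes) {
        tokenNode.clear();
        tokenNode.putAll(loginAttributes);
        return sessionAttributes();
    }

    /** Subsequent login: every stored mandatory attribute must match. */
    Map<String, String> loginWithToken(Map<String, String> supplied) {
        for (Map.Entry<String, String> e : tokenNode.entrySet()) {
            if (isMandatory(e.getKey()) && !e.getValue().equals(supplied.get(e.getKey()))) {
                throw new SecurityException("mandatory attribute mismatch: " + e.getKey());
            }
        }
        return sessionAttributes();
    }

    // Only optional attributes reach the Session, so mandatory values never leak.
    private Map<String, String> sessionAttributes() {
        Map<String, String> out = new HashMap<>();
        tokenNode.forEach((k, v) -> { if (!isMandatory(k)) out.put(k, v); });
        return out;
    }

    public static void main(String[] args) {
        TokenAttributeModel m = new TokenAttributeModel();
        // Constructed sample attributes (hypothetical names and values).
        Map<String, String> first = Map.of(".token.ip", "192.0.2.10", "locale", "en");
        System.out.println(m.createToken(first));
        System.out.println(m.loginWithToken(Map.of(".token.ip", "192.0.2.10")));
        try {
            m.loginWithToken(Map.of(".token.ip", "198.51.100.7"));
        } catch (SecurityException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```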